Техническая информация
- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = '"%APPDATA%\mscab.exe"'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '"%APPDATA%\mscab.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'mscab' = '"%APPDATA%\mscab.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'mscab' = '"%APPDATA%\mscab.exe"'
- %HOMEPATH%\Start Menu\Programs\Startup\mscab.lnk
- '%APPDATA%\mscab.exe'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\cmd.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\ctfmon.exe
- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\mscab.lnk
- %APPDATA%\mscab.exe
- %APPDATA%\mscab.exe
- '74.##5.232.51':80
- DNS ASK google.com
- ClassName: 'Indicator' WindowName: '(null)'